[SECURITY] Wrap getUser in a try catch, in case the user doesn't exist

Hugo Sales
2020-08-14 00:18:31 +00:00
committed by Hugo Sales
parent 213cfe5285
commit 95a1938d0f


@@ -23,6 +23,7 @@ use App\Core\DB\DB;
use function App\Core\I18n\_m;
use App\Entity\User;
use App\Util\Nickname;
use Exception;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
@@ -90,8 +91,10 @@ class Authenticator extends AbstractFormLoginAuthenticator
}
$nick = Nickname::normalize($credentials['nickname']);
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);
if (!$user) {
$user = null;
try {
$user = DB::findOneBy('local_user', ['or' => ['nickname' => $nick, 'outgoing_email' => $nick]]);
} catch (Exception $e) {
throw new CustomUserMessageAuthenticationException(
_m('\'{nickname}\' doesn\'t match any registered nickname or email.', ['{nickname}' => $credentials['nickname']]));
}
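Review bot: The `catch (Exception $e)` around `DB::findOneBy` turns every failure on this login path, including a database or query error, into the "doesn't match any registered nickname or email" message and discards `$e`, so an outage is indistinguishable from an unknown account and leaves no trace for whoever monitors authentication. Catching only the not-found exception that `DB::findOneBy` actually throws (its definition is not visible here), and logging and rethrowing anything else, would keep the fix without hiding faults. The old `if (!$user)` guard appears to be dropped as well (the +/- markers are lost on this page), so if the lookup can also return null, keep a check such as `if ($user === null) { throw new CustomUserMessageAuthenticationException(...); }` after the try. Separately, the message confirms whether a nickname or email is registered; one generic failure text for both unknown user and wrong password would avoid account enumeration. The method body starts and ends outside this hunk.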